Behind the Malware – Botnet Analysis
Antony Garand While analyzing our website firewall logs we discovered an old vulnerability being retargeted in RevSlider, a popular WordPress plugin. In 2014 / 2015, this led to massive website compromises.…
Browsing Category
WordPress Security
680 posts
WordPress Sites Leveraged in Layer 7 DDoS Campaigns
Daniel Cid We first disclosed that the WordPress pingback method was being misused to perform massive layer 7 Distributed Denial of Service (DDoS) attacks back in March 2014. The…
Seo-moz.com SEO Spam Campaign
Bruno Zanelato Here at Sucuri we handle countless cases of SEO spam. This malware involves a website being compromised in order to spread (mostly pharmaceutical) advertisements by…
Server Security: Import WordPress Events to OSSEC
We leverage OSSEC extensively to help monitor and protect our servers. If you are not familiar with OSSEC, it is an open source Intrusion Detection System…
Massive Admedia/Adverting iFrame Infection
Denis Sinegubko This past weekend we registered a spike in WordPress infections where hackers injected encrypted code at the end of all legitimate .js files. The distinguishing…
Malicious Pastebin Replacement for jQuery
Website hackers are always changing tactics and borrowing ideas from each other. One of the challenges of website security is staying on top of those…
Using WPScan: Finding WordPress Vulnerabilities
Alycia Mitchell When using WPScan you can scan your WordPress website for known vulnerabilities within the core version, plugins, and themes. You can also find out if…
Website Malware – Evolution of Pseudo Darkleech
Last March we described a WordPress attack that was responsible for hidden iframe injections that resembled Darkleech injections: declarations of styles with random names and…
jQuery.min.php Malware Affects Thousands of Websites
Nov 2016 Update: If your Joomla or WordPress website is infected, check out our new, free, DIY guides to clean your site and prevent reinfection.…
WPScan Intro: WordPress Vulnerability Scanner
Have you ever wanted to run security tests on your WordPress website to see if it could be easily hacked? WPScan is a black box…
Security Advisory: Stored XSS in Akismet WordPress Plugin
Marc-Alexandre Montpas During a routine audit for our WAF, we discovered a critical stored XSS vulnerability affecting Akismet, a popular WordPress plugin deployed by millions of installs.